Intel chip security fix could permanently slow down PCs by up to 30 per cent

By Jack Loughran

Published Thursday, January 4, 2018

Google security researchers have discovered a major flaw in Intel’s processor chips that could let hackers gain access to passwords and other confidential information on Windows, Mac OS and Linux.

The makers of these operating systems are already preparing fixes to close the vulnerability; these will be released to consumers in the coming days and weeks.

The fix will fundamentally alter the way in which the operating systems communicate with the kernel, a core software layer, and executed tasks could be slowed by anywhere from 5 to 30 per cent as a result.

Intel says the average computer user will not experience significant slowdowns once the issue is fixed. In reality, benchmarks will need to be carried out on patched computers to gain a full understanding of how their performance is affected.

The flaw affects all Intel chips produced in the last decade, although more modern chips include features such as PCID that could help to negate the slowdown to some extent.

Google’s Project Zero team said on Wednesday that the flaw could allow access to passwords and other sensitive data from a system’s memory.

The tech company disclosed the vulnerability not long after Intel said it was working to patch it.

Both Intel and Google said they were planning to disclose the issue next week, when fixes would be available.

Intel has known about the problem since June; the company’s CEO, Brian Krzanich, sold off a large portion of his stake in the company in October. Shares in the company fell by 3.4 per cent after the news was revealed yesterday.

Tech companies typically withhold details about security problems until fixes are available so that hackers do not have time to exploit the flaws.

In this case, Intel was forced to disclose the problem on Wednesday after British technology site The Register reported it.

Google said it also affects other processors and the devices and operating systems running them.

Although Intel cited rival AMD as one of the companies it is working with to address the problem, AMD said in a statement that it believes its chips are safe because they use different designs.

However, the aforementioned changes to the way in which operating systems access the kernel could still have an impact on those running AMD chips, at least in the short term.

Mike Buckbee, security engineer at Varonis, said: “This vulnerability makes it theoretically possible to open up the end user’s device and rummage through the computer’s memory. For example, a JavaScript application running in a browser on a website could potentially access your computer’s kernel memory and rip through any information held there. While it’s unlikely there would be full files stored there, it’s very possible it would find bits and pieces of valuable data, like SSH keys, security tokens and even passwords.

“To counteract the threat, patches for all operating systems are in the works. These patches ‘scramble’ how kernel memory is stored, making it impossible for applications to exploit the flaw.

“While all the details are not available at this point, from what is known this vulnerability can be considered a threat. It could allow for credential theft or other privilege escalation exploits. In this respect, while potentially dire, it’s very similar to an insider threat or admin data breach.

“Organisations need to layer multiple levels of protection to build defensive depth in their networks and applications.”